The Case against Commercial Antivirus Software: Risk Homeostasis and Information Problems in Cybersecurity
Autor: | Eric Jardine |
---|---|
Rok vydání: | 2020 |
Předmět: |
Risk
Reverse causality 021110 strategic defence & security studies Short run Event (computing) 0211 other engineering and technologies 02 engineering and technology Information security 010501 environmental sciences Computer security computer.software_genre 01 natural sciences Software risk Physiology (medical) Humans Survey data collection Business Safety Risk Reliability and Quality computer Computer Security Software Probability 0105 earth and related environmental sciences |
Zdroj: | Risk Analysis. 40:1571-1588 |
ISSN: | 1539-6924 0272-4332 |
Popis: | New cybersecurity technologies, such as commercial antivirus software (AV), sometimes fail to deliver on their promised benefits. This article develops and tests a revised version of risk homeostasis theory, which suggests that new cybersecurity technologies can sometimes have ill effects on security outcomes in the short run and little-to-no effect over the long run. It tests the preliminary plausibility of four predictions from the revised risk homeostasis theory using new survey data from 1,072 respondents. The estimations suggest the plausible operation of a number of risk homeostasis dynamics: (1) commercial AV users are significantly more likely to self-report a cybersecurity event in the past year than nonusers, even after correcting for potential reverse causality and informational mechanisms; (2) nonusers become somewhat less likely to self-report a cybersecurity event as the perceived riskiness of various e-mail-based behaviors increases, while commercial AV users do not; (3) the negative short-run effect of commercial AV use on cybersecurity outcomes fade over time at a predicted rate of about 7.03 percentage points per year of use; and (4) after five years of use, commercial AV users are statistically indistinguishable from nonusers in terms of their probability of self-reporting a cybersecurity event as perceptions of risky e-mail-based behaviors increase. |
Databáze: | OpenAIRE |
Externí odkaz: | |
Nepřihlášeným uživatelům se plný text nezobrazuje | K zobrazení výsledku je třeba se přihlásit. |